Amendments to the Claims:

This listing of claims will replace all prior versions, and listings, of claims in the 
application. 

Listing of Claims:

1. (Currently Amended) A method of sharing security credentials between devices of a
user comprising: 

ascertaining at least one personal authentication gateway device of the user from at least 
one pervasive device of the user, the at least one pervasive device comprising at least one 
automatic token client application and the at least one personal authentication gateway device 
comprising at least one token server application; 

sending at least one token request from the at least one pervasive device to the at least one
personal authentication gateway device, wherein the token request comprises: a Slave-ID field
identifying the pervasive device, a Domain-ID field identifying a pervasive authentication
domain, a Nonce-128bit field identifying a random value generated by the pervasive device to
protect against Token Request reply attacks, and a Type field, and further wherein the
Nonce-128bit field, the Slave-ID field, and the Type field are encrypted using a Triple-DES symmetric
cryptographic encryption algorithm; and

receiving a token response at the at least one pervasive device from the at least one 
personal authentication gateway device only if the at least one pervasive device has been 
authorized via configuring the at least one personal authentication gateway device to recognize 
the at least one pervasive device as a registered member of a the pervasive authentication 
domain, wherein the token response comprises: said Slave-ID field and said Nonce-128bit field
from the Token request, a Type field, and a Tokens and Checksum field containing
authentication tokens and checksums for integrity, and further wherein the Nonce-128bit field,
the Slave ID field, the Type field, and the Tokens and Checksum field are encrypted with
triple-DES encryption;

wherein when the security credentials are provided to the at least one authentication 
gateway device, the at least one pervasive device that has been authorized is enabled to retrieve 
the at least one authentication token; 

wherein the at least one pervasive device is a digital watch adapted with a user interfaces for 
entering the security credentials, and configured to use a TCP/IP protocol for wireless 
communication with the personal authentication gateway device; and 

wherein the security credentials will expire after a period of 10 minutes from receipt. 

2. (Cancelled) 

3. (Original) The method according to claim 1, wherein said ascertaining step comprises 
looking up a personal authentication gateway address in configuration settings. 

4. (Original) The method according to claim 1, wherein the at least one token request
comprises a pervasive device identification, a message type, and a protection arrangement for 
fields of the at least one token request, the protection arrangement being adapted to ensure 
integrity and confidentiality.

5. (Original) The method according to claim 1, wherein said receiving step comprises
storing received credentials for use by other applications. 

6-18. (Cancelled) 

19. (Currently Amended) An apparatus for sharing security credentials between devices 
of a user, said apparatus comprising: 

a discoverer which finds at least one personal authentication gateway device of the user
capable of responding to token requests from at least one pervasive device of the user from at
least one pervasive device of the user, the at least one pervasive device comprising at least one
automatic token client application and the at least one personal authentication gateway device
comprising at least one token server application;

a token requestor which sends at least one token request for at least one token required by
the at least one pervasive device from the at least one pervasive device to the at least one
personal authentication gateway device, wherein the token request comprises: a Slave-ID field
identifying the pervasive device, a Domain-ID field identifying a pervasive authentication
domain, a Nonce-128bit field identifying a random value generated by the pervasive device to
protect against Token Request reply attacks, and a Type field, and further wherein the
Nonce-128bit field, the Slave-ID field, and the Type field are encrypted using a Triple-DES symmetric
cryptographic encryption algorithm;

a token responder which accepts at least one token request and sends at least one token 
response with at least one authentication token to the at least one pervasive device only if the at 
least one pervasive device has been authorized via configuring the at least one personal 
authentication gateway device to recognize the at least one pervasive device as a registered
member of a the pervasive authentication domain, wherein the token response comprises: said
Slave-ID field and said Nonce-128bit field from the Token request, a Type field, and a Tokens
and Checksum field containing authentication tokens and checksums for integrity, and further
wherein the Nonce-128bit field, the Slave ID field, the Type field, and the Tokens and
Checksum field are encrypted with triple-DES encryption to ensure that only the Automatic
Token Client can read the Token Response;

wherein when the security credentials are provided to the at least one authentication 
gateway device, the at least one pervasive device that has been authorized is enabled to retrieve 
the at least one authentication token. 

wherein the at least one pervasive device is a digital watch adapted with a user interfaces for 
entering the security credentials, and configured to use a TCP/IP protocol for wireless 
communication with the personal authentication gateway device; and 

wherein the security credentials are designed to expire after a period of 10 minutes from
receipt.

20. (Original) The apparatus according to claim 19, wherein the at least one token 
request comprises a pervasive device identification, the message type, at least one authentication 
token, and a protection arrangement for fields of the at least one token request, the protection 
arrangement being adapted to ensure integrity and confidentiality. 

21. (Original) The apparatus according to claim 20, wherein said protection arrangement 
comprises Triple-DES encryption using a long key.

22. (Original) The apparatus according to claim 21, wherein said long key is a secure
hash comprised of a master secret known only to the personal authentication gateway, a 
pervasive device identification, and a pervasive authentication domain identification. 

23. (Previously Presented) The apparatus according to claim 21, wherein said long key 
is distributed to the at least one pervasive device during authorization. 

24. (Cancelled) 

25. (Currently Amended) A program storage device readable by machine, tangibly 
embodying a program of instructions executable by the machine to perform method steps for 
sharing security credentials between devices of a user, said method comprising the steps of: 

ascertaining at least one personal authentication gateway device of the user from at least
one pervasive device of the user by broadcasting a pervasive authentication domain discovery
request message and receiving at least one discovery response message from at least one personal
authentication gateway device, the at least one pervasive device comprising at least one
automatic token client application and the at least one personal authentication gateway device
comprising at least one token server application;

sending at least one token request from the at least one pervasive device to the at least one
personal authentication gateway device, wherein the token request comprises: a Slave-ID field
identifying the pervasive device, a Domain-ID field identifying a pervasive authentication
domain, a Nonce-128bit field identifying a random value generated by the pervasive device to
protect against Token Request reply attacks, and a Type field, and further wherein the
Nonce-128bit field, the Slave-ID field, and the Type field are encrypted using a Triple-DES symmetric
cryptographic encryption algorithm; and

receiving a token response at the pervasive device from the at least one personal 
authentication gateway only if the at least one pervasive device has been authorized via 
configuring the at least one personal authentication gateway device to recognize the at least one 
pervasive device as a registered member of a the pervasive authentication domain, wherein the
token response comprises: said Slave-ID field and said Nonce-128bit field from the Token
request, a Type field, and a Tokens and Checksum field containing authentication tokens and
checksums for integrity, and further wherein the Nonce-128bit field, the Slave ID field, the Type
field, and the Tokens and Checksum field are encrypted with triple-DES encryption to ensure
that only the Automatic Token Client can read the Token Response;

wherein when the security credentials are provided to the at least one authentication 
gateway device, the at least one pervasive device that has been authorized is enabled to retrieve at 
least one authentication token. 

wherein the at least one pervasive device is a digital watch adapted with a user interfaces for 
entering the security credentials, and configured to use a TCP/IP protocol for wireless 
communication with the personal authentication gateway device; and 

wherein the security credentials are designed to expire after a period of 10 minutes from
receipt.

26-29. (Cancelled) 
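
The token request and response exchange recited in claims 1, 19 and 25, with the long key of claim 22, sketched as an added example that is not part of the application: it shows the gateway answering only registered devices and rejecting a reused nonce, and the device checking the echoed nonce, the checksum and the 10-minute lifetime. Assumptions: SHA-256 is used as the "secure hash", an HMAC stands in for the Triple-DES field protection (so fields are authenticated but not encrypted here), and the dictionary layout, the `REQ`/`RESP` type values and all function names are hypothetical.

```python
import hashlib, hmac, os

TTL = 10 * 60  # seconds; the claims' 10-minute credential lifetime

def long_key(master: bytes, slave_id: bytes, domain_id: bytes) -> bytes:
    """Claim 22 style key: hash of master secret, device ID and domain ID."""
    h = hashlib.sha256()  # assumption: the claims do not name the hash
    for part in (master, slave_id, domain_id):
        h.update(len(part).to_bytes(2, "big") + part)  # length-prefix each part
    return h.digest()[:24]  # 24 bytes, the size of a three-key Triple-DES key

def tag(key: bytes, *fields: bytes) -> bytes:
    """HMAC over the fields; stands in for the Triple-DES protection (assumption)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        mac.update(len(f).to_bytes(2, "big") + f)
    return mac.digest()

def make_request(key, slave_id, domain_id):
    nonce = os.urandom(16)  # the Nonce-128bit field
    return {"slave": slave_id, "domain": domain_id, "nonce": nonce, "type": b"REQ",
            "tag": tag(key, slave_id, domain_id, nonce, b"REQ")}

class Gateway:
    def __init__(self, master, domain_id, tokens):
        self.master, self.domain, self.tokens = master, domain_id, tokens
        self.registered, self.seen = set(), set()

    def register(self, slave_id):  # authorization step; returns the device's key
        self.registered.add(slave_id)
        return long_key(self.master, slave_id, self.domain)

    def handle(self, req):
        if req["domain"] != self.domain or req["slave"] not in self.registered:
            return None  # not a registered member of the domain: no response
        key = long_key(self.master, req["slave"], self.domain)
        want = tag(key, req["slave"], req["domain"], req["nonce"], req["type"])
        if not hmac.compare_digest(want, req["tag"]) or req["nonce"] in self.seen:
            return None  # altered fields or a nonce that was already used
        self.seen.add(req["nonce"])
        return {"slave": req["slave"], "nonce": req["nonce"], "type": b"RESP",
                "tokens": self.tokens,
                "checksum": tag(key, req["slave"], req["nonce"], b"RESP", self.tokens)}

def accept(key, req, resp, received_at, now):
    """Device side: return tokens only if bound to our request, intact and unexpired."""
    if resp is None or resp["nonce"] != req["nonce"] or resp["slave"] != req["slave"]:
        return None
    want = tag(key, resp["slave"], resp["nonce"], resp["type"], resp["tokens"])
    if not hmac.compare_digest(want, resp["checksum"]) or now - received_at >= TTL:
        return None
    return resp["tokens"]
```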